PowerShell logparse regexp to CSV


Input line:

Thu 2017-03-30 00:00:07: user@domain.com (John Doe) checked mail from 127.0.0.1 using IMAP, 0 msgs collected, 21 remaining

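PowerShell script:

# Single-quoted here-string: the backticks, $ and ' in the pattern stay literal.
# Alternatives: email | IPv4 address | protocol | timestamp at start of line.
$rxp = @'
([a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)|(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})|(POP|IMAP)|(^[A-Z][a-z]+\s\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2})
'@

# Select-String matches case-insensitively by default; -AllMatches returns every hit per line.
Get-Content ".\*.log" | Select-String -Pattern $rxp -AllMatches | ForEach-Object {

    # Skip lines that do not yield exactly four matches (date, email, IP, protocol).
    if ($_.Matches.Count -ne 4) {
        return
    }
    # Matches come back in line order: timestamp, email, IP address, protocol.
    [pscustomobject]@{
        'date'   = $_.Matches[0].Value
        'email'  = $_.Matches[1].Value
        'ipaddr' = $_.Matches[2].Value
        'proto'  = $_.Matches[3].Value
    }
} | Export-Csv -NoTypeInformation analysis.csv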
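
An added example (not the author's script): the same extraction with one anchored, case-sensitive pattern and named groups, so a display name such as "Ann Pope" cannot add a fifth match and get the line dropped by the count check, and skipped lines are reported instead of vanishing. The function name `ConvertFrom-MailLogLine`, the looser e-mail pattern and the sample lines are assumptions constructed for illustration; the line layout is taken from the input line above.

```powershell
# Constructed sample lines (layout copied from the input line above).
$sample = @(
    'Thu 2017-03-30 00:00:07: user@domain.com (John Doe) checked mail from 127.0.0.1 using IMAP, 0 msgs collected, 21 remaining'
    'Thu 2017-03-30 00:01:12: ann@domain.com (Ann Pope) checked mail from 192.0.2.10 using POP, 3 msgs collected, 0 remaining'
    'Thu 2017-03-30 00:02:30: bob@domain.com (Bob Roe) checked mail from 999.0.2.10 using POP, 0 msgs collected, 0 remaining'
    'Thu 2017-03-30 00:03:00: some unrelated log line'
)

# One pattern anchored to the start of the line; every field is bound to its
# position, so text inside the display name can never be taken for a field.
# The [regex] cast is case-sensitive, unlike Select-String's default.
$rx = [regex]('^(?<date>[A-Z][a-z]+\s\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}):\s' +
              '(?<email>[^\s@]+@[^\s@]+)\s\((?<name>[^)]*)\)\schecked mail from\s' +
              '(?<ipaddr>\d{1,3}(?:\.\d{1,3}){3})\susing\s(?<proto>POP|IMAP),')

# Hypothetical helper: turns one log line into an object, or warns and skips it.
function ConvertFrom-MailLogLine {
    param([Parameter(ValueFromPipeline = $true)][string]$Line)
    process {
        $m = $rx.Match($Line)
        if (-not $m.Success) {
            Write-Warning "No login record in line: $Line"
            return
        }
        # \d{1,3} alone accepts octets above 255, so validate the address.
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($m.Groups['ipaddr'].Value, [ref]$ip)) {
            Write-Warning "Invalid IP address in line: $Line"
            return
        }
        [pscustomobject]@{
            date   = $m.Groups['date'].Value
            email  = $m.Groups['email'].Value
            ipaddr = $ip.ToString()
            proto  = $m.Groups['proto'].Value
        }
    }
}

# The first two sample lines become CSV rows; the last two produce warnings.
$sample | ConvertFrom-MailLogLine | ConvertTo-Csv -NoTypeInformation
```

To run it against real logs, replace `$sample` with `Get-Content ".\*.log"` and `ConvertTo-Csv` with `Export-Csv -NoTypeInformation analysis.csv`.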

Posted by Rich
